You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
ghost
locked as resolved and limited conversation to collaborators
Nov 15, 2020
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Community Note
Description
Azure Cognitive Search supports enabling a service identity in order to authenticate with Key Vault to obtain customer-managed keys, as documented here: https://docs.microsoft.com/en-us/azure/search/search-security-manage-encryption-keys#3---create-a-service-identity
It should be possible to enable this service identity when creating an Azure Search service using Terraform.
The object_id of the identity should be exported as an output, so that it can be used to configure an Access Policy on a Key Vault in order to grant the Search Service identity access to the key, as explained here: https://docs.microsoft.com/en-us/azure/search/search-security-manage-encryption-keys#4---grant-key-access-permissions
This appears to be available in the SDK here: https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/vendor/github.com/Azure/azure-sdk-for-go/services/search/mgmt/2015-08-19/search/models.go#L68
New or Affected Resource(s)
Potential Terraform Configuration
Probably this should work the same way as the identity block for a virtual machine, and exported in the same way.
References
The text was updated successfully, but these errors were encountered: